Driver communication.

Hello.

Does anyone know how to communicate with a raw PDO? I am using ZwFileCreate and ZwRead. Before I moved to KMDF I could communicate between the two; now I cannot, and after looking at the kbftest.c file the solution seems much more complicated.

As per Microsoft’s recommendations I reduce the IRQL level to passive level before proceeding, but this means I have locked the system.

Help!

You do know that the only time you can reduce the IRQL is if you RAISED the
IRQL in the first place?

The personal opinion of
Gary G. Little

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Sunday, September 13, 2009 2:23 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Driver communication.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4422 (20090913) __________

The message was checked by ESET Smart Security.

http://www.eset.com

Then how would you suggest I lower the IRQL to a passive level?

If you didn’t raise it, you don’t. Queue the request and queue a work item
which is guaranteed to be at lower (PASSIVE) IRQL.

You can also tell us what you are trying to do.

The personal opinion of
Gary G. Little

Simply driver to driver communication using a raw Pdo on one end.

KMDF kbfiltr is the example I am looking at and I am trying to adapt kbftest.exe to a driver so I can have the driver to driver communications.

This is my code. It won’t work and excuse the variable names.

VOID EvtUsbTargetPipeReadComplete (WDFUSBPIPE Pipe, WDFMEMORY Buffer, size_t NumBytesTransferred, WDFCONTEXT Context)
{
    PUCHAR SwitchState = NULL;
    WDFDEVICE WdfDevice;
    PDEVICE_CONTEXT pDeviceContext = Context;
    UCHAR index;
    HANDLE Handle;
    IO_STATUS_BLOCK IoStatusBlock;
    CHAR pVoidBuffer[24];
    size_t uLength;
    NTSTATUS NtStatus;

    WdfDevice = WdfObjectContextGetObject(pDeviceContext);
    SwitchState = WdfMemoryGetBuffer(Buffer, &NumBytesTransferred);
    pDeviceContext->CurrentSwitchState = *SwitchState;

    DbgPrint ("EvtUsbTargetPipeReadComplete Pipe=?0x%08x? Buffer=?0x%08x? NumBytesTransferred=?%i? Context=?0x%08x?", Pipe, Buffer, NumBytesTransferred, Context);
    for(index=0; index < NumBytesTransferred; index++)
        DbgPrint ("byte[%i]=?0x%02x?", index, *(SwitchState+index));

    NtStatus = CreateFile (&Handle, GUNCONKB_DEVICE_ID, GENERIC_WRITE);
    if(!NT_SUCCESS(NtStatus))
    {
        DbgPrint("CreateFile unfortunately failed.\n");
        return;
    }

    RtlStringCbPrintfA(pVoidBuffer, sizeof(pVoidBuffer), "%02x%02x%02x%02x%02x%02x%02x%02x\0", *(SwitchState), *(SwitchState+1), *(SwitchState+2), *(SwitchState+3), *(SwitchState+4), *(SwitchState+5), *(SwitchState+6), *(SwitchState+7));
    RtlStringCbLengthA(pVoidBuffer, sizeof(pVoidBuffer), &uLength);

    NtStatus = ZwWriteFile (Handle, NULL, NULL, NULL, &IoStatusBlock, pVoidBuffer, uLength, NULL, NULL);
    if(!NT_SUCCESS(NtStatus))
    {
        DbgPrint("WriteFile unfortunately failed.\n");
        ZwClose(Handle);
        return;
    }

    ZwClose(Handle);
}

I doubt if it even compiles. You cannot use “CreateFile” in the kernel. Nor
can you use SetupDiXxxx. You’re attempting to do user mode “stuff” in the
kernel and you can’t.

The personal opinion of
Gary G. Little

I don’t know what the op is doing exactly, but that’s not ‘CreateFile()’ of user mode fame (too few arguments):

NtStatus = CreateFile (&Handle, GUNCONKB_DEVICE_ID, GENERIC_WRITE);

mm

You want to open the file to the raw PDO once, not on every read complete.

d

Sent from my phone with no t9, all spilling mistakes are not intentional.

> As per Microsoft’s recommendations I reduce the IRQL level to passive level before proceeding
> but this means I have locked the system.

At least you seem to realize that arbitrarily lowering IRQL leads to deadlock, so that it just cannot get done.

> Then how would you suggest I lower the IRQL to a passive level?

If you want to make a call that cannot be made at elevated IRQL you have to either queue a workitem or defer the job to a dedicated driver thread…

Anton Bassov

> As per Microsoft’s recommendations I reduce the IRQL level to passive level

Never ever reduce the IRQL which was not raised by you.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

> Then how would you suggest I lower the IRQL to a passive level?

Ex/IoQueueWorkItem


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

Should that not be ZwCreateFile? The WDK documentation does not even define
CreateFile.

The personal opinion of
Gary G. Little

I strongly suggest that you take a step back and learn how things function at a little deeper level and stop trying to brute force a solution super quickly. That said, if you want to open the raw PDO and want sample code that detects when it arrives as well, look at the toastmon sample. There is nothing that says you need to use file handle based I/O (and thus ZwReadFile and other Zw I/O APIs) to talk with the raw PDO; you could open it, get the pdevobj and then send IRPs directly to it instead of via a file handle. Or, even better, forgo the raw part of the PDO, make it a normal PDO and load your 2nd driver on top of this PDO. Now you can just send I/O down the stack.

d

Sent from my phone with no t9, all spilling mistakes are not intentional.

I’m thinking that it’s perhaps something of his/her own creation, but I haven’t any idea.

mm

Looks like I have created a somewhat heated thread. Enough to say I know the code doesn’t work and CreateFile is part of the user mode and not kernel mode. I also know ZwCreateFile is the kernel equivalent; however, it was just a place holder.

Doron, I have the utmost respect for you and any comments you give. As always I will read into each and everything you say. My explanation for me digging around in the deep end like this. For me, it is the fastest way for me to learn, especially isolating code and using it. I have a driver I wish to develop and that gives enough reason. Reading into the background comes next, with this in my mind as a reference. I hope that explains why.

I’ll be back, thanks again Doron, MM and everyone.

I have no knowledge of nor issue with your approach/method/reasons/etc., other than the bit about it being a ‘place holder.’ Please don’t post code that isn’t, you know, your real code. That’s my opinion, at least. It just makes people wonder what the deal is and not want to help, because we can’t make heads or tails of it.

Good luck,

mm

Oh, that is my real code. CreateFile is a function and I know how to use ZwCreateFile to a device if I were using WDM. It was connecting to a PDO which I didn’t understand. If I didn’t explain this, I’m really sorry to everyone.

I’m reading through Doron’s suggestion and it looks like it is exactly what I need.

Thanks for the luck MM.

In KMDF, a remote WDFIOTARGET encapsulates the ZwCreateFile call along with registering for device change notifications if the device goes away.

d

Sent from my phone with no t9, all spilling mistakes are not intentional.

xxxxx@hotmail.com wrote:

> This is my code. It won’t work and excuse the variable names.

You mean, like having a character array called “pVoidBuffer”? ;)

> VOID EvtUsbTargetPipeReadComplete (WDFUSBPIPE Pipe, WDFMEMORY Buffer, size_t NumBytesTransferred, WDFCONTEXT Context)
> {
>     PUCHAR SwitchState = NULL;
>     WDFDEVICE WdfDevice;
>     PDEVICE_CONTEXT pDeviceContext = Context;
>     UCHAR index;
>     HANDLE Handle;
>     IO_STATUS_BLOCK IoStatusBlock;
>     CHAR pVoidBuffer[24];
>     size_t uLength;
>     NTSTATUS NtStatus;
>
>     WdfDevice = WdfObjectContextGetObject(pDeviceContext);
>     SwitchState = WdfMemoryGetBuffer(Buffer, &NumBytesTransferred);
>     pDeviceContext->CurrentSwitchState = *SwitchState;

Are you aware that this statement will only copy one byte?

>     RtlStringCbPrintfA(pVoidBuffer, sizeof(pVoidBuffer), "%02x%02x%02x%02x%02x%02x%02x%02x\0", *(SwitchState), *(SwitchState+1), *(SwitchState+2), *(SwitchState+3), *(SwitchState+4), *(SwitchState+5), *(SwitchState+6), *(SwitchState+7));

I suppose it’s a matter of personal preference, but I would have thought
this was clearer as

    SwitchState[0], SwitchState[1], SwitchState[2], SwitchState[3],
    SwitchState[4], SwitchState[5], SwitchState[6], SwitchState[7] );

And are you aware you don’t need an explicit \0 in the string? All
literal strings end in \0 automatically.

This is strictly internal communication, right? It’s just between you
and your private device object in your keyboard driver? If so, then why
go to all the trouble to convert to hex? Why not just send the bytes in
binary?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
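
Added example (not code from the thread or from any poster): a user-mode C model of the control flow the replies recommend, where the target is opened once, the read-completion callback only checks the length and copies the raw bytes, and a work item does the write at PASSIVE_LEVEL. All names (dev_ctx, on_read_complete, work_item, REPORT_LEN, RING_SLOTS) are hypothetical and the write is simulated with memcpy; a real KMDF driver would use a remote WDFIOTARGET and a work item as described above.

```c
#include <string.h>

#define REPORT_LEN 8u   /* the posted callback formats eight bytes */
#define RING_SLOTS 4u   /* constructed queue depth */

typedef struct {        /* hypothetical device context */
    unsigned char ring[RING_SLOTS][REPORT_LEN];
    unsigned head, tail;     /* tail - head = reports waiting */
    int work_pending;        /* models a work item that is already queued */
    int target_opens;        /* times the target was opened */
    unsigned bytes_written;
    unsigned char last[REPORT_LEN];
} dev_ctx;

/* Device start: open the target once (in KMDF, a remote WDFIOTARGET). */
void dev_start(dev_ctx *c) { memset(c, 0, sizeof *c); c->target_opens = 1; }

/* Read completion; may run at DISPATCH_LEVEL, so it only validates, copies
 * and defers. A real driver guards the ring with a spin lock.
 * Returns 1: caller queues the work item, 0: already queued, -1: rejected. */
int on_read_complete(dev_ctx *c, const unsigned char *buf, size_t transferred)
{
    if (buf == NULL || transferred < REPORT_LEN) return -1; /* short transfer */
    if (c->tail - c->head == RING_SLOTS) return -1;         /* queue full */
    memcpy(c->ring[c->tail % RING_SLOTS], buf, REPORT_LEN); /* raw bytes, no hex */
    c->tail++;
    if (c->work_pending) return 0;
    c->work_pending = 1;
    return 1;
}

/* Work item body, PASSIVE_LEVEL: the only place that does blocking I/O.
 * Drains every queued report and returns how many were sent. */
unsigned work_item(dev_ctx *c)
{
    unsigned sent = 0;
    c->work_pending = 0;
    while (c->head != c->tail) {
        /* stands in for a synchronous write to the already-open target */
        memcpy(c->last, c->ring[c->head % RING_SLOTS], REPORT_LEN);
        c->bytes_written += REPORT_LEN;
        c->head++; sent++;
    }
    return sent;
}

int main(void)
{
    dev_ctx c;
    const unsigned char report[REPORT_LEN] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    dev_start(&c);
    if (on_read_complete(&c, report, sizeof report) == 1) work_item(&c);
    return c.bytes_written == REPORT_LEN ? 0 : 1;
}
```

Because one pending work item drains the whole ring, two completions that arrive before the worker runs are both delivered, and a transfer shorter than eight bytes is rejected before anything reads past it.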